LDAP Authentication (no sync) is creating users?!?

09-15-2015 05:07 AM
Hello,
I've installed Alfresco 5.0.d and want to use LDAP authentication for users that I create manually in Alfresco, as I do not have the possibility to use LDAP groups or any other filter method on the LDAP server.
So I want to create a specific user, enter the LDAP login (+ a random password) and then the user can log in to Alfresco via LDAP credentials.
I have configured this setup (sort of…) via the settings below, but the following problem occurs:
Whenever a user logs in who does NOT have an Alfresco user (i.e. who I did not create manually), Alfresco creates this user by itself and the user can log in.
Using some magic debug statements, I got the following output in catalina.out when such a user logs in:
[authentication.ldap.LDAPAuthenticationComponentImpl] […] Authenticating user "<userid>"
[authentication.ldap.LDAPAuthenticationComponentImpl] […] User "<userid>" does not exist in Alfresco. Attempting to import / create the user.
[authentication.ldap.LDAPAuthenticationComponentImpl] […] Setting the current user to "<userid>"
[authentication.ldap.LDAPAuthenticationComponentImpl] […] User "<userid>" authenticated successfully
That is NOT what I want!
How can I achieve my goal? What settings did I miss?
My configuration in alfresco-global.properties:
authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm
alfresco.authentication.allowGuestLogin=false
ntlm.authentication.sso.enabled=false
ntlm.authentication.allowGuestLogin=false
ntlm.authentication.mapUnknownUserToGuest=false
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.read.timeout=30000
ldap.authentication.userNameFormat=uid=%s,ou=people,o=xxxxxn,c=DE
ldap.authentication.escapeCommasInBind=true
ldap.authentication.java.naming.provider.url=ldaps://our.ldap.server:636
ldap.authentication.java.naming.security.protocol=ssl
ldap.authentication.truststore.path=/opt/alfresco/alf_data/keystore/ldap/ldap-keystore
ldap.authentication.truststore.passphrase=our-password
ldap.authentication.truststore.type=JKS
ldap.synchronization.active=false
# out of despair, I added these settings, which do not seem to help:
ldap.synchronization.syncWhenMissingPeopleLogIn=false
ldap.synchronization.autoCreatePeopleOnLogin=false
Thank you!
Kind regards
Anna Christina Naß
09-15-2015 12:19 PM
The other setting is on the person service.
# Some authentication mechanisms may need to create people
# in the repository on demand. This enables that feature.
# If disabled an error will be generated for missing
# people. If enabled then a person will be created and
# persisted.
create.missing.people

09-17-2015 04:28 AM
Hello,
Where do I have to set this?
It seems to me that it is documented nowhere… 😞
Also
/opt/alfresco$ grep "create.missing.people" -R *
does not find a corresponding file for this setting.
It would be great if you could tell me where I have to set this flag.
Thank you!
Anna Christina Naß
09-17-2015 07:19 AM
As with most Alfresco config, put it into alfresco-global.properties.
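
Added example, not part of the thread and not Alfresco's own code: a Python check that flags an alfresco-global.properties which leaves on-demand person creation enabled while LDAP is in the authentication chain, and that pulls auto-created user ids out of the catalina.out message quoted in the question. The sample config and log are constructed, the function names are hypothetical, and an unset create.missing.people is assumed to mean enabled, as the behaviour described in the thread suggests.

```python
import re

# Constructed sample input, modelled on the configuration and log lines quoted in the thread.
SAMPLE_PROPERTIES = """\
authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm
ldap.authentication.active=true
ldap.synchronization.active=false
# out of despair, I added these settings, which do not seem to help:
ldap.synchronization.syncWhenMissingPeopleLogIn=false
ldap.synchronization.autoCreatePeopleOnLogin=false
"""

SAMPLE_LOG = """\
[authentication.ldap.LDAPAuthenticationComponentImpl] [...] Authenticating user "jdoe"
[authentication.ldap.LDAPAuthenticationComponentImpl] [...] User "jdoe" does not exist in Alfresco. Attempting to import / create the user.
[authentication.ldap.LDAPAuthenticationComponentImpl] [...] User "jdoe" authenticated successfully
[authentication.ldap.LDAPAuthenticationComponentImpl] [...] Authenticating user "asmith"
[authentication.ldap.LDAPAuthenticationComponentImpl] [...] User "asmith" authenticated successfully
"""

def parse_properties(text):
    """Parse simple key=value lines; blank lines and '#'/'!' comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            props[key.strip()] = value.strip()  # a later duplicate key overrides an earlier one
    return props

def audit_auto_provisioning(props):
    """Return findings if an LDAP login can create an Alfresco person on demand."""
    findings = []
    # Chain entries look like "<instance name>:<subsystem type>".
    types = [e.split(":")[-1].strip() for e in props.get("authentication.chain", "").split(",") if e]
    ldap_in_chain = any(t.startswith("ldap") for t in types)
    # Assumption: an unset create.missing.people counts as enabled (the thread's symptom).
    if ldap_in_chain and props.get("create.missing.people", "true").lower() != "false":
        findings.append("create.missing.people is not false: unknown LDAP users get a person on first login")
    return findings

CREATE_RE = re.compile(r'User "([^"]+)" does not exist in Alfresco\. Attempting to import / create the user\.')

def auto_created_users(log_text):
    """List the user ids the LDAP component tried to create at login."""
    return sorted(set(CREATE_RE.findall(log_text)))
```

Run `audit_auto_provisioning(parse_properties(...))` on the deployed properties file and `auto_created_users(...)` on catalina.out to find accounts that were provisioned before the flag was set, so they can be reviewed or removed.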
